16 matches found
BIT-NODE-2021-22918
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...
CentOS 9 : libuv-1.42.0-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libuv-1.42.0-1.el9 build changelog. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer ...
CVE-2024-24806
A server-side request forgery SSRF flaw was found in the libuv package due to how the hostnameascii variable is handled in uvgetaddrinfo and uvidnatoascii. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access...
Server-Side Request Forgery (SSRF)
libuv.so is vulnerable to Server-Side Request Forgery SSRF. The vulnerability arises due to how the hostnameascii variable with a length of 256 bytes is handled in uvgetaddrinfo and subsequently in uvidnatoascii. When the hostname exceeds 256 characters, it gets truncated without a terminating nu...
GLSA-202401-23 : libuv: Buffer Overread
The remote host is affected by the vulnerability described in GLSA-202401-23 libuv: Buffer Overread - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether...
Rocky Linux 8 : libuv (RLSA-2021:3075)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3075 advisory. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read an...
ALSA-2021:3075 Low: libuv security update
libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: out-of-bounds read in uvidnatoascii can lead to information disclosures or crashes CVE-2021-22918 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
RHEL 8 : libuv (RHSA-2021:3075)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3075 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: out-of-bounds read in uvidnatoascii can lead to...
[ASA-202107-36] libuv: information disclosure
Arch Linux Security Advisory ASA-202107-36 ========================================== Severity: Medium Date : 2021-07-20 CVE-ID : CVE-2021-22918 Package : libuv Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2131 Summary ======= The package libuv before versi...
The vulnerability of the uv__idna_toascii() function on the Node.js software platform, which allows a hacker to trigger a service failure or gain unauthorized access to protected information.
The vulnerability of the uvidnatoascii function on the Node.js platform is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures or gain unauthorized access to protected information...
CVE-2021-22918
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...
Out-of-bounds
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...
CVE-2021-22918
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...
CVE-2021-22918
CVE-2021-22918 affects Node.js releases prior to 16.4.1, 14.17.2 and 12.22.2 due to an out-of-bounds read in libuv’s uv__idna_toascii() used during DNS lookups. The flaw allows information disclosure or crashes when a crafted domain is processed via uv_getaddrinfo(). The root cause is reading bey...
CVE-2021-22918
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...
CVE-2021-22918
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...